CEH vs. OSCP: A Modern Analysis for the Career-minded Professional


Rising to the surface in a sea of cybersecurity hiring candidates demands more than mere skill. Employers demand stronger assurances, and the best guarantees of employee talent come in the form of certifications. Choosing between obtaining Certified Ethical Hacker and Offensive Security Certified Professional credentials may seem difficult to the uninitiated. Here’s some vital clarification on which certs will help you outswim your professional peers.

What Is CEH?

Certified Ethical Hacker certifications are designed for those who want to demonstrate their proficiency at identifying weaknesses and vulnerabilities in networks and systems. These vendor-neutral certifications cover a number of topics relevant to penetration testing.

Prerequisites

You can take the CEH exam after you attend official training and demonstrate your experience in at least three of the five Certified Chief Information Security Officer, or CCISO, eligibility criteria. For most people, this amounts to having no less than two years’ worth of job experience. Alternatively, you can prove that you possess five years of information security experience in all five of the CCISO domains. In both cases, applying to obtain such proof from the EC-Council may take as long as six weeks.

If you completed your coursework online, you’ll need to provide your completion certificates to the EC-Council. Your CEH exam cost includes the cost of your training, which may vary, but the application is usually a nonrefundable $100.

After your application gets approved, you’ll have three months to purchase a test voucher. The CEH exam cost for the test itself is around $500.

Exam Requirements

Your exam will consist of a four-hour, multiple-choice test with 125 questions. To pass, you must earn a score of at least 70 percent.

What Is OSCP?

This ethical hacking certification focuses on common penetration-testing methodologies. It’s infamous for its rigorous, 24-hour exam.

Prerequisites

This certification complements a mandatory training course called Penetration Testing with Kali Linux. You should be able to write scripts and tools for penetration testing, bypass firewalls with tunneling techniques, identify and exploit web application vulnerabilities like XSS and SQL injection, and conduct attacks from the client side and remotely. Many of these topics will be covered in the class, but most people agree that going in with solid experience in Linux and TCP/IP is a must.

Exam Requirements

This certification is hands-on. In other words, you can’t obtain it without passing an intense practical challenge.

For the exam, you’ll be granted access to an unfamiliar network and given 24 hours to prove that you’ve completed a given set of penetration tests, successfully penetrated systems and correctly documented your progress. Most students find out how they performed within three days of completing the test.

How Do the Certifications Differ?

Offensive Security Certified Professional holders don’t need recertification, but those who complete Certified Ethical Hacker training and testing must recertify every three years. While this might seem like an inconvenience, the fact that you have to keep your knowledge current may ultimately make you appear more hirable. It’s also important to note that Certified Ethical Hacker training and credentialing are generally more affordable.

Career Outlooks

Certified Ethical Hacker accreditation is accepted by the U.S. government, and some Department of Defense jobs actually require it as per DoD 8750 Baseline Certifications. Even though Offensive Security Certified Professional is a rigorous certification, having it may not help you land a government job.

Is one certification going to earn you more during your professional lifetime? According to PayScale, in late 2016, Certified Ethical Hackers earned average salaries of around $76,855, and many enjoyed hefty bonuses, profit sharing options and upward mobility. OSCP holders earned slightly more on average, but their salaries also varied more widely along with their job titles.

Choosing Your Certification

Both of these certifications are highly valued by modern employers. Many professionals even hold both certifications or combine them with other credentials, like CISSP and CompTIA’s Security+.

Of course, there’s no substitute for having a packed resume and actual job experience. Still, completing your Certified Ethical Hacker training can definitely help you keep your head above water at interviews, especially if you’re new to penetration testing.

20 Comments

Agreed with AlphaSprite – CEH is an entry level check box for HR to look at your resume. Even with the newest edition (that doesn’t have a version) which is v9 so everyone can track which book to buy to study – the entire course goes on what you know, not what you can do. DoD is going away from 8750 and is now using 8140 due to everyone jumping on the hiring bandwagon to hire CEH folks who accomplished nothing in defending the network — it just sounds cool. EC Council and their training is inferior to OSCP. All govt. RED TEAMS use OSCP and would never hire a CEH. If you want real training, with realistic labs that will get you into an ethical hacker/pen testing position – then start with Mile2. Once you learn the tools and techniques – polish that to a mirror shine by completing VM/.ova challenges off of VulnHub. Then, you will be ready to go after OSCP. Remember, the Kali people will walk you through each and every section of the OSCP labs — take notes – screen shots – organize your efforts so when you actually take the exam (actually hacking into their VM servers) – you’ll be able to do it and gain far more respect than getting EC C CEH.

Honestly, I had my ECCOUNCIL CEH two years ago, but I love OSCP, which I’m about to start taking training. I have been hearing from people interesting things about OSCP, which they say is far better than CEH in terms of handling complex tasks. I don’t know.

The difference for these is night and day. CEH is a tick box entry level qualification for those that need a certificate to get into a government job or security. OSCP is a practical test of ability to learn for those who are interested in pentesting. The recertification argument is pointless for pentesters or those heavily involved in security; you must learn constantly and no certification can keep up.
CEH is for new starters outside pentesting and an easy side step from another field.
OSCP is streets ahead of other certs but it should teach you how to research and think. This is something very rare in any certification.
